The PCI DSS requirement 4.1 states "use strong cryptography and security protocols such as SSL/TLS/IPSEC to safeguard sensitive cardholder data during transmission over open, public networks." While …
The intent of PCI DSS requirement 8.5.14 is to lock out accounts due to suspicious activity, to prevent a malicious user from gaining access to users’ accounts, by continually trying …
PCI DSS requirement 3.3 requires that the PAN be masked when it is displayed (for example, on screens, logs, reports, receipts), unless the viewing party has a specific need to …
Forms and images containing cardholder data are subject to the PCI DSS. PCI DSS requirement 3.4 requires that all cardholder data be rendered unreadable. It does not differentiate between how …
PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted by any media, including paper records. PCI DSS requirements 9.6 through 9.10 specifically address …
PCI DSS requirement 8.5 requires all user passwords be securely managed. These requirements apply to all non-consumer users (not the cardholder) and administrators, not to credentials supplied by applications or …
An inactive user is one whose account has not been used in over 90 days. Note that section 8.5 requirements only apply to “non-consumer users” or those individuals that access …
Per the Scope of Assessment section of the PCI DSS Requirements and Security Assessment Procedures, there are two options for hosting providers and other third-party providers to validate compliance:
While some ASVs may report DoS vulnerabilities as relatively high risks, the PCI SSC has clearly instructed ASVs to not consider this vulnerability when determining compliance of the ASV scan …